Gartner’s 2010 Magic Quadrant for network access control (NAC) is remarkably crowded for a market that reportedly generated just $200 million in annual revenue in 2009. Gartner has included 18 vendors in this year’s quadrant. For many of these companies, NAC revenue is a drop in the bucket. For others, NAC revenue is everything (Bradford Networks, ForeScout, Avenda Systems, InfoExpress, Impulse Point, Nevis Networks). How the heck are they all making enough money to stay in the NAC business?
Gartner says that NAC gets a bad wrap because it’s not generating a ton of revenue and many vendors have disappeared. The most recent exit was ConSentry Networks, which mysteriously still has a live website even though it went out of business in August 2009. But enterprises are using NAC. Guest access is a hugely popular use case, and Gartner believes the “consumerization” of IT will only drive up NAC adoption. With end users bringing personal devices into work, enterprises will need to provide secure access to them.
Gartner is actually projecting a flat market for NAC in 2010, with no revenue growth. Total adoption of NAC is increasing but the revenue is flat because many vendors are offering NAC as part of a larger product or service. As we first pointed out while covering the first NAC Magic Quadrant a year ago, There are the infrastructure vendors like Cisco, Juniper, Enterasys, HP and Avaya, who embed NAC in their switching or security products. There are endpoint security and network security vendors like McAfee, Sophos, Symantec, Check Point Software, who bundle NAC in their products. The indie vendors have to compete against all these guys, many of whom might throw in NAC for free just to close a deal on some switches or some malware protection software. (Does anyone remember how popular Netscape Navigator was before Microsoft decided to bundle Internet Explorer with Windows for free?)
So what does this crowded quadrant look like?
Cisco and Juniper stand alone here. These are the companies who have both excellent technological vision and the ability to deliver on that vision to their customers. Symantec, a leader last year, was bumped into the challenger quadrant because its guess access capabilities are weak. Gartner kept Cisco in the leaders’ spot even though it says Cisco’s NAC solution is too complex and expensive. Gartner noted many Cisco customers have turned to NAC competitors recently. However, Gartner gave Cisco points for its roadmap, noting that the company will release a new line of NAC appliances later this year that consolidates many of the functions that were spread out over too many products. Gartner complimented Juniper for its early embrace of the Trusted Computing Group‘s protocols for NAC interoperability and its IF-MAP specification.
These are the companies that have the ability to close deals but whose technological vision needs a little refinement. As mentioned above, Symantec got bumped from into here for a poor approach to guest networking, which many industry observers see as a major use case for NAC. The only other vendor here is Sophos lost points because its NAC Advanced product, the high end choice of its two NAC products, requires agent software separate from its endpoint protection agent. Its counterparts (McAfee and Symantec) have integrated their NAC products into their overall endpoint protection agents.
These are the companies who are leading the market in terms of what they are doing with their technology but don’t have the robust sales, marketing and support capabilities required for closing deals against bigger companies. Here we find McAfee, the other major endpoint protection vendor in the space, along with NAC specialists ForeScout, Bradford Networks and Avenda Systems. Avenda is new to the MQ, it’s just four years old. Gartner gave it high marks for its embrace of interoperability and its focus on guest access. Bradford scores high in these areas, too. ForeScout is known for being easy to use and having an out-of-band approach that allows companies to move from one use case to another easily.
The Niche Players
These are the companies that don’t stand out for either their technological vision or their ability to execute. There are ten vendors in this category, some with big names (HP and Avaya) and some with small names (Nevis Networks, Trustwave). Gartner says all these companies are valid options for NAC, many of them targeting their products to serve specific vertical industries.
OK, so all 18 vendors are valid NAC options for someone. But there are EIGHTEEN of them. That’s a lot of NAC. This has been the case since the very beginning. NAC vendors have come and gone, and yet the market stays crowded. Even the Great Recession failed to thin the herd by very much.
Cisco has been criticized for losing focus on its enterprise networking portfolio with random technology additions like the Flip camera. But Cisco’s move this week to expand its home and enterprise energy management portfolio is not such a loss of focus. In fact, it’s one that could move enterprises to serious cost savings in their power usage, as well as lend itself to developing a nationwide smart grid that actually works.
The problem is Cisco will have to step up its game in convincing networking engineers why they should add yet another item to their to-do list.
Cisco’s Connected Grid portfolio aims to build an IP network on top of utility smart grids to provide communication from inside the utility all the way to smart meters and even appliances and building systems inside homes and enterprises. As Cisco puts it, the network would connect from “the birth of the electron all the way to consumption.” Enterprises and residents alike could then receive constant notice of their power consumption so they could engage in controlling it on an ongoing basis. Utilities in turn would be able to better manage resources.
Cisco used its platform at Cisco Live 2010 this week to outline the expansion of its Smart Connected Buildings offering with new centralized management technology – the Building Mediator Manager 6300. The management technology allows enterprises to monitor energy consumption related to either facilities or IT. That’s especially crucial considering data center energy consumption is expected to grow five times every two years.
Speaking at Cisco Live, Dave Shroyer, senior controls engineer at NetApp, said his company integrated Building Mediator into its building facility controls, including lighting, HVAC and data center operations. NetApp also use it to monitor pricing signals from its utility, PG&E, and automate the lowering of power consumption at peak energy use times. When usage peaks, NetApp automatically dims its lights and reduces the air conditioning in its buildings, for a decrease of 1.1 Megawatts. Employees receive an email alerting them of the situation and Shroyer said he has had “all employee buy-in [with] no negative reaction at all.” The company has saved 18 million kWh and $2 Million in less than a year, for what amounts to a 30% power reduction annually.
Cisco will need to launch a campaign in which cases like this are clearly explained. That will be the only way of showing network managers that this technology is not a loss of focus, but an integral part of their future.
Gartner rolled out a new Magic Quadrant for Enterprise LAN this month and it looks remarkably similar to last year’s, even though Gartner itself acknowledges that the network switching industry is rapidly evolving.
For the uninitiated, the Magic Quadrant is Gartner’s graphical evaluation tool for the technology markets it covers. It breaks down the vendor landscape into four quadrants: Leaders, visionaries, challengers and niche players. Gartner evaluates vendors via two general criteria (which in turn contain a handful of sub-criteria). The evaluation criteria are “completeness of vision” (or how much Gartner likes the direction a vendor is going with its technology) and “ability to execute” (or how much Gartner believes a given vendor has the marketing, sales and engineering resources to deliver on their promises to customers). Leaders score high in both, challengers score high in execution, visionaries in vision. Niche players score relatively low in both.
The only major change to the quadrant this year is the entry of Juniper Networks, which has quickly established itself as a big-time player in the switching industry. Gartner has named Juniper a challenger in this year’s quadrant, when last year it didn’t even meet the revenue requirements for inclusion. Gartner praised Juniper for its strong history in networking (particularly in Layer 3 routing), its aggressive pricing and its strong, young portfolio of switches. Gartner cautioned that Juniper needs to continue expanding its product line and it needs to get more specific on how it’s going to address next generation data centers. Project Stratus remains relatively vague. Juniper also has no clear WLAN strategy, which is a concern since 60% of enterprises like to buy switches and WLAN products from the same vendor.
Cisco Systems and HP Networking remain leaders. Cisco still has the broadest portfolio of switches and WLAN products on the market. It’s introduced several innovations recently, such as StackPower (the ability to manage the power systems of a stack of Catalyst 3750s collectively) and its new NX-OS operating system for its new Nexus data center switches. However, Gartner says Cisco has been slow in executing a unified wired and wireless product line. Cisco has also left many customers confused about how data centers built with the Catalyst product line will be integrated into the Nexus line. Gartner also claims that customers continue to be critical of Cisco’s efforts in sales, engineering and support.
Gartner says HP’s acquisition of 3Com (a visionary in last year’s quadrant) has combined the number 2 and 3 vendors in the market into a single Tier 1 vendor that has transformed the market. Gartner says enterprises should now consider HP for all its networking needs when evaluating vendors. The lifetime hardware warranties and telephone support across most of its products lowers the TCO HP-built networks. However, Gartner warns that the integration of HP and 3Com will take time simply because the product lines are so big. And there is quite a bit of redundancy between the two vendors, which will cause some confusion. HP’s sales force is also relatively new to networking, which some enterprise networking pros might find as a turnoff if they’re used to buying network hardware from knowledgeable sales pros.
Brocade remains a visionary. Its combination of high-end switching and storage networking expertise bodes well for its vision for its data center strategy and Gartner says the customer support legacy of its Foundry Networks acquisition remains strong.
Extreme Networks, Enterasys/Siemens, and Alcatel Lucent remain niche players. Nortel (now Avaya) is also still a niche player. Force 10 Networks, which dropped off the the quadrant last year because of revenue, has not made its way back.
Although the quadrant looks very similar to last year’s, Gartner says that the networking market has transformed tremendously in the last year. Juniper and HP have established themselves as legitimate Tier 1 vendor alternatives to Cisco. The days of “Cisco and the seven dwarfs” are over. Brocade (with its Foundry acquisition) is strong in the data center, not so much in campus LAN.
Aside from the horse race aspect of the vendors, Gartner has also identified several key innovation trends that enterprises should follow closely to see how their vendors respond.
- IP Telephony: Gartner says vendors have varied in their commitment to integrating their network equipment with IP telephony vendors. Specifically, vendors who have their own IP telephony products haven’t been as aggressive in integrating their products with competitors’ IP telephony equipment to meet customer requirements.
- Security: Gartner says network access control (NAC) will be a mainstream requirement for enterprises within two years. It expects that switch vendors will start to embed NAC into their gear in the next couple years. Entersasys has been a leader in this area with its flow-based security technology.
- Evolving network cores: Here is where things are changing rapidly in the enterprise LAN market. With Gigabit Ethernet (GbE) server connections becoming common, low latency, wirespeed core switches with high-density 10 GbE ports are becoming a requirement. Vendors are racing to establish a leadership role here. Data center bridging, fibre channel over Ethernet (FCoE) and the convergence of storage and data on Ethernet are also going to become major disruptions to the market.
- Converged access: Gartner also notes that the drive to integrate wired and wireless networks will lead to the disappearance of the standalone wireless LAN controller. Vendors are integrating controller functionality into their switches. Those who don’t have their own WLAN product lines will be partnering with standalone WLAN vendors to make this happen
- Price: Gartner notes that the average gross margin on networking gear remains around 60% or 65%, which means there is a lot of room for vendors to come down on price in certain situations. Enterprises are more cost-conscious these days and they’re thinking more about the life cycle cost of the networks they build. This means they aren’t just interested in seeing vendors discount their products to win deals. They also want to know that managing and maintaining the networks they build won’t be too expensive.
Let’s face it: If you’re building counterfeit Cisco gear, it’s rather stupid to hand the stuff over to Cisco. Two alleged fraudsters in the Washington, D.C., area figured that out last week when the Feds charged them conspiracy to commit mail fraud and nine counts of mail fraud.
According to the U.S. Attorney’s Office for the Eastern District of Virginia, two brilliant criminals — (Robert Kendrick Chambliss, 36, of Henrico, Va., and Iheanyi Frank Chinasa, 38, of Gaithersburg, Md. — built phony Cisco gear, then complained to Cisco that the gear didn’t work. They then attempted to exchange the phony gear (or components of that phony gear) for legitimate products, which they probably planned to resell to someone. According to the FBI, these two guys tricked Cisco into giving them $27 million worth of products in exchange for the crap they built out of parts they probably bought from eBay and Radio Shack.
I assume that Cisco doesn’t just throw defective products in the garbage when they fulfill an exchange. It’s obvious that Cisco would want to figure out why $27 million worth of equipment is defective. So Cisco would probably hand the junk over to some forensic engineers who can take Cisco gear apart and reassemble it again with their eyes closed. How hard would it be for them to figure out that these jokers had bilked the company? “Hmm, this isn’t one of our ASICs. What’s going on here?”
This is equivalent to printing phony $100 bills, then complaining to the Treasury you aren’t happy with the quality of the printed bills and trying to exchange them for the real thing.
Network World this week published a brutal takedown of the network access control industry, called “NAC: What went wrong?” Consultant Joel Snyder wrote the article after spending four months lab testing the leading 12 NAC products. His conclusion? Five years of hype, new products, vendor launches, vendor collapses and standardization battles have produced a lot of smoke and not much else. The market is scattered, he says. All 12 top vendors are moving in 12 different directions.
Snyder writes that Cisco Systems in particular is guilty of going off the rails with NAC. Basically Cisco’s acquisition-happy ways has led to yet another case of two many cooks in the kitchen. Its acquisition of Perfigo, a vendor of a wireless access gateway product, evolved into the overlay product Cisco NAC Appliance. Meanwhile Cisco’s routing and switching business unit has built its own NAC product, Cisco Secure Access Control Server. If even Cisco can’t decide how to tackle the NAC market, how is an enterprise to figure out which direction to go.
Regardless of the failures of the NAC industry to truly catch fire, I continue to be amazed by the industry’s ability to continue supporting so many different vendors. Sure there are plenty of network infrastructure and network security vendors that can dabble in NAC as a side business. But there are still plenty of independent start-ups out there, too. They’re still trucking along, with few taking the next big leap to an IPO or a buyout. Occasionally you’ll see one go under, like ConSentry Networks, but the others insist they’re doing just fine.
Trusted Computing Group (TCG), the not-for-profit independent standards-body which promotes vendor-neutral NAC standards, has issued a response to Network World’s takedown with an email entitled “What’s Right with NAC?”
TCG cites a projection from Gartner that NAC will become a mature marketwithin two to five years (Gartner issued its first NAC Magic Quadrant last summer). TCG goes on to say: “Well, we agree with both Mr. Snyder at Network World and with [Gartner]. Certainly the path to NAC products has been neither short nor particularly easy, but today there are a lot of good products to choose from and people ARE using NAC successfully.”
Juniper Networks today unveiled it “3-2-1” architectural vision, also under an umbrella of technologies its dubbed the New Network. It’s a recipe for collapsing the data center network from three layers (access, aggregation and core) down to one. Step one, Juniper says, it collapsing down to just two tiers (access and core).
Juniper argues that most data center networks today devote too many ports in the network to connecting switches to switches. Instead, ports should mostly be connecting servers to servers in order to chop latency and reduce the number of network devices needed in a data center.
How does Juniper propose to solve this problem? Well, first Juniper wants enterprises to try flattening their networks to two tiers by ditching the aggregation layer in data centers. Enterprises today spend $1 billion out of $4.8 billion in annual data center switching dollars on aggregation switches, said Mike Banic, Juniper’s vice president of enterprise marketing, citing IDC research. That’s a lot of extra switches with a lot of extra man-hours spent managing them. Juniper argues that enterprises could do better by eliminating the aggregation layer, allow access layer switches to do all the switching between servers. Those access layer switches would only need to use their uplink ports for communications with the data center core and ultimately the campus LAN and WAN.
Juniper claims its Virtual Chassis technology is the key to this elimination of the aggregation layer. The Virtual Chassis technology is a software feature that allows multiple Juniper switches to act as — and be managed as — one single switch. Juniper has had the feature on the market for awhile now in its 1 Gigabit Ethernet EX4200 switches. By pooling multiple EX4200s into a virtual chassis, enterprises are able to eliminate aggregation switches and connect servers more directly together rather than sending packets up and down a three-tiered network.
Today Juniper extended this collapsed data center vision with several new products that should make this approach accessible to enterprises that want to upgrade from Gigabit servers to 10 Gigiabit servers.
- The EX4500 switch is a 48-port 10 Gigabit Ethernet, Layer 3 switch that will support converged enhanced Ethernet, data center bridging and Virtual Chassis technology. This switch will be available this month, but the converged fabric and Virtual Chassis features will be available in subsequent quarters.
- An EX8200 40XS, a 40-port 10 Gigabit Ethernet line card that will allow the EX8216 half-rack core chassis to scale up to 640 10 Gigabit ports. Juniper will also add its virtual chassis technology to the EX8200 switch series in 2011.
- Several new applications built on Junos Space, the open development platform Juniper introduced last year to allow the creation of specialized applications to be built right into the network hardware which runs the Junos operating system. These applications include Juniper Ethernet Design, an app that allows network managers to automate configuration and management of hundreds of switches
Juniper promises that down the road it will introduce additional products and technologies to further collapse data center network architecture from two layers down to one. This is the heart of what is promised in its still sketchy Project Stratus roadmap. There are still very few details about how exactly this single-tiered data center architecture will look. But Dhritiman Dasgupta, Juniper’s senior product marketing manager offered a decent preview while speaking on an Interop panel about the future of the data center network last month. He said:
The best network is the network that connects ports inside a switch,” he said. “It’s completely flat. Any port can talk to any other port. The ports share a consistent state. You can add line cards and it just scales seamlessly. If I could extend that to my data center network, that would be the best network to solve the challenges that virtualization brings.
Project Stratus gives you a network that is built like the inside of a switch. It extends that out to the entire data center network,” Dasgupta continued. “You can have hundreds of thousands of ports with tens of thousands of virtual machines at the end of each of these ports, all working together in harmony in one flat Layer 2 network. You process the packet once, and you have all the information you need to take it from point A to point B.
Carl Eschenbach, EVP of field operations, told IDG News Service that the media is making too much of its strategic alliance with EMC and Cisco Systems. VMware, he says, is an independent infrastructure software vendor that plays nicely with Dell, HP, IBM et al. “We treat everyone equally,” he said.
VMware, Cisco and EMC formed the VCE (Virtual Computing Environment) coalition late last year, which introduced the vbBlock Infrastructure Package, a modular data center package that’s supposed to power cloud computing. It consists of fully integrated and validated bundles of software, servers, storage and network gear. I guess Eschenbach thinks we, the media, are making too much out of the VCE coalition. But how can you avoid hyping a strategic relationship between the world’s biggest virtualization vendor, the world’s biggest storage vendor and the world’s biggest networking vendor?
And besides, VMware has more than a strategic relationship with these two companies. EMC owns 80% of VMware. In 2007, Cisco bought its own stake in the company. Yes, Cisco owns just 1.5% of VMware, but that’s probably about 100% more of an ownership stake than any VMware customer currently holds.
VMware has done a good job of staying vendor agnostic, which is important since enterprises want to be able to run a hypervisor on whatever hardware they have in their server racks. But tight relationships with partners (and part owners) will continue to be a fact of life. VMware faces some serious competition in the future from Citrix Xen and Microsoft’s Hyper V. At Interop last month, consultant Jim Metzler, of Ashton Metzler & Associates, surveyed attendees by show of hands during a panel session on virtualized application delivery appliances. First he asked attendees whether they were currently VMware shops. Nearly all of them raised their hands. Then he asked them if they expected VMware to be the only hypervisor vendor in their data center two or three years from now. No one raised a hand.
A future is coming where VMware won’t be the de facto hypervisor in data centers. How will VMware hold onto market share when Microsoft is giving away Hyper V? Advanced and innovative features and functionality is one answer. Another answer is continued strategic partnerships with key vendors, like EMC and Cisco.
Earlier this year, we reported that the newly released Cisco IOS 15 requires users to enter registration keys to verify software licenses for each machine. That requirement resulted in a ban on the use of Cisco IOS emulators. Needless to say this infuriated some Cisco users, who used Cisco IOS illicitly for the very above-board need to practice on Cisco equipment in homegrown labs.
Cisco IOS 15 requires users to punch a registration key into every machine running. In return, Cisco gets to keep an image of every machine you have. So Cisco salespeople know just when and how to hit you up for a sale. But they also have a constantly updated image of your network. Ferro raises a host of questions about the use of this information that are worth checking out.
NCCM is becoming increasingly popular. Not only have enterprises recognized that NCCM products can help automate networks and reduce network failures. They’ve also recognized it as a means toward achieving better compliance with industry and government regulations.
This morning Netcordia, a highly rated network configuration and change management (NCCM) startup with about 330 customers, was acquired by Infoblox, a leading DDI (DHCP, DNS and IPAM) vendor.
Steve Nye, Infoblox’s executive VP of product strategy, said he sees the NCCM and DDI markets coming together as enterprises gravitate toward network infrastructure management automation. He said both companies have been trying to solve the same problem: Manual changes to the network are the leading cause of network failures. “We approach this from the IP address management point of view and Netcordia approaches it from a device configuration point of view.”
As a result, there has been plenty of M&A activity and consolidation in the NCCM space recently. In addition to the Netcordia-Infoblox deal, IBM acquired NCCM vendor Intelliden couple of months ago. And last week EMC announced a deeper integration of its NCCM technology, Ionix Network Configuration Manager (formerly known as Voyence, a company EMC acquired in 2007) with its Ionix for IT Operations Intelligence. This integration essentially enables the product to alert and accelerate troubleshooting when network configuration changes affect network availability and performance.
Cloud computing is all the rage at Interop this year. There are keynote sessions devoted to it, plenty of educational sessions. You’ve got a whole host of cloud vendors here. It seems like just about every vendor on the floor has found a way to jam the word cloud into their marketing material.
So who is adopting cloud computing? Well, if you include software-as-a-service (SaaS), which has been swept up into the cloud marketing vortex, cloud computing is taking off, I suppose. About 41% of Interop attendees are using SaaS products like Salesforce.com, according to a survey of 104 IT pros conducted at Interop by Network Instruments.
Twenty-nine percent of attendees have deployed a private cloud. I’d be interested in learning from these survey respondents what they mean by a private cloud. I talked to the CIO of a midmarket firm late last year who said he’s basically been running a private cloud out of his data center for six or seven years… long before anyone was talking about the cloud. It’s all in the eye of the beholder, I guess.
A small number (19%) of respondents said they are actually using the most-hyped of all cloud computing models, infrastructure-as-a-service (IaaS), from providers like Amazon.
So plenty of folks are using some shape or form of cloud computing. Granted some of them might have another name for it: SaaS, ASP, hosted service provider, etc, etc.
What sort of concerns do they have about the cloud? Network Instruments asked their survey respondents about that, too.
- Twenty-two percent say they lack the tools to monitor and manage cloud activity.
- Twelve percent say they are unable to resolve delays caused by cloud providers.
- Twenty-seven percent are worried that cloud computing services will bust their Internet bandwidth budgets.
On the flipside, 33% of respondents see cloud computing as a way to lower infrastructure costs and 30% see it offering them more flexibility to deal with changing business demands.